Switching from KeePassXC to Bitwarden

I have been looking to replace my password management setup for a few months
now. Up until now I was using KeePassXC, but I never got around to putting in
the work to make it work properly on mobile.

I understand that the standard solution is to just get the file synced on your
phone using Dropbox and then install a mobile app which can read the file off of
Dropbox. But the idea that all my passwords are in one single file somewhere on
the internet (cloud, if you will) is a bit disturbing.

Incidentally, this is also the reason I never got around to using 1Password,
LastPass, or other cloud-hosted password managers.

This is not to discount the work that the security folks at these companies are
putting in on a daily basis to make their services secure. And I know that my
passwords file is encrypted. I've just seen enough mistakes happen and I'd like
to avoid being a part of one.

Requirements

My requirements were fairly simple. I wanted something that

- is open-source
- allows self-hosting
- works on mobile

... in that order.

Turns out that just these 3 requirements narrowed down the search to
Bitwarden.

Bitwarden

Bitwarden is open source. There's a core server written in C# and then there
are multiple client apps (iOS, Android, desktop).

The backend appears quite heavyweight. Being written in C# and talking to a SQL
server installation, it's not exactly what I would call "deployment friendly".
Luckily, they provide a Docker image which you can use to self-host the whole
thing.

While this works on a modern machine, I wanted to run Bitwarden on a spare
Raspberry Pi connected to my home network where the system requirements are a
bit less than what the Docker image requires.

It turns out that I'm not the first person to run into this problem. @jcs
already wrote a Ruby server which is API-compatible with the "official"
Bitwarden backend. This implementation is very lightweight, and completely
doable for the Pi. So all I had to do was create a new bitwarden user on the
Pi, install rvm, git clone the repository, and then start the server
process.

The only problem left now was setting up a static IP for the Pi so that the
desktop client on my laptop and the iOS app on my phone know the
(static & private) IP address they should be connecting to. Luckily my modem
supported allocating the same IP to devices based on their MAC addresses so this
was also easy.

Migrating from KeePassXC

rubywarden includes a script to import existing KeePassXC database files, and
it worked without any problems. The script somehow didn't handle my KeePassXC
folders very well. So an entry called "Google" in the "Internet" folder was
imported as "Internet/Google". Those slashes look pretty annoying, so I took
some time out to delete some unused passwords and organize the rest into
folders.

Migration was a non-issue, I would say.

Caveats

The only caveat with this system that I can think of right now is that when
you're not at home, you won't be able to save/edit/delete passwords. You'll be
able to read just fine, but editing won't work.

The reason is that your client apps are configured to talk to a private IP
address (of the Pi in this case). But so far I haven't had the need to
save/edit/delete passwords when I'm outside. And reading them works just fine.

If this is important for you, then this is probably the price you pay for
keeping the passwords on a machine you can physically look at.